
Website Enumeration and Information Gathering [Part 2]

Linux, Networking & Security are the domains of my interest.

Whatweb

WhatWeb is a web scanner that also identifies the technologies a website uses.


Now, for our OWASPBWA local web server


Bonus: we can Google the Apache version and look for common vulnerabilities for that version.

Aggression level 3 is usually used in penetration testing, and it gives a lot more information.


My router


Dirb

Dirb is used to discover hidden directories on a website. In other words, it brute-forces directory names to see whether they exist on the website.


Specifying a file

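From the defender's side, a Dirb-style scan shows up in the web server's access log as one client requesting many different non-existent paths in a short time. The sketch below is an added example (not from the original article) that flags that pattern in combined-format log lines; the 60-second window, the threshold of 20 and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache/Nginx "combined" access-log format.
LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"\S+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def parse(line):
    """Return (ip, timestamp, path without query, status) or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"].split("?")[0], int(m["status"])

def find_dir_bruteforce(lines, window=timedelta(seconds=60), min_404=20):
    """Map each flagged client IP to its peak count of distinct 404 paths
    inside any sliding window (thresholds are assumptions; tune per site)."""
    misses = defaultdict(list)                      # ip -> [(ts, path)]
    for rec in filter(None, map(parse, lines)):
        if rec[3] == 404:
            misses[rec[0]].append((rec[1], rec[2]))
    flagged = {}
    for ip, events in misses.items():
        events.sort()
        start = best = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({p for _, p in events[start:end + 1]}))
        if best >= min_404:
            flagged[ip] = best
    return flagged

def sample_log():
    """Constructed log lines (documentation IP ranges, made-up paths)."""
    t0 = datetime(2022, 1, 10, 12, 0, tzinfo=timezone.utc)
    def row(ip, offset, path, status):
        ts = (t0 + timedelta(seconds=offset)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" {status} 210 "-" "-"'
    burst = [row("192.0.2.10", i, f"/guess{i}/", 404) for i in range(30)]
    slow = [row("203.0.113.5", i * 600, f"/old{i}.html", 404) for i in range(25)]
    normal = [row("198.51.100.7", 5, "/", 200),
              row("198.51.100.7", 6, "/favicon.ico", 404)]
    return burst + slow + normal

if __name__ == "__main__":
    print(find_dir_bruteforce(sample_log()))
```

The slow client in the sample produces 25 misses but only one per window, so only the burst is flagged; a scanner that throttles its requests would need a longer window or a per-day count.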

Nmap

Network exploration tool & security/port scanner.


To check the version of services that the machine is running on different ports.


Nmap can also be used to scan for vulnerabilities, by running its vulnerability-discovery scripts against each open port.


NOTE: Sometimes it may give false positives or false negatives for some vulnerabilities, which means you can’t fully rely on this tool.

Let’s look at an example of a “false negative” for the http-stored-xss vulnerability on our OWASPBWA vulnerable machine.

To look for a specific vulnerability (let’s say http-stored-xss):


This is a “false negative”: the http-stored-xss script does not flag the vulnerability even though it exists.

Nikto

This tool performs comprehensive tests against web servers:

  • It searches for service configurations
  • It checks for outdated versions of servers
  • It scans for dangerous files and programs on the web page
  • It saves reports in different file types (text, XML, HTML, CSV)

and many more.


To check for websites hosted on a particular port number:


Burp Suite

I have created a comprehensive guide on setting up Burp Suite with Firefox and on the 3 major options (Intercept, Intruder, Repeater) you will use in your bug hunting.

Bonus Resources

  1. TryHackMe Setup.
  2. OWASPBWA vulnerable machine.
  3. OWASPBWA VM setup video.

Happy Hacking !!!

This article is accurate and true to the best of the author’s knowledge. Content is for informational or entertainment purposes only and does not substitute for personal counsel or professional advice in business, financial, legal, or technical matters.

© 2022 Ashutosh Singh Patel
